Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:52:50 UTC

Lateral Movement Detected

Informational Open
ALR-00087 · 2026-04-10T20:02:44Z

Description

DLP Module detected lateral movement from WS-PC-004 to SRV-DC-01 using user 'n.clark' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00087
Timestamp: 2026-04-10T20:02:44Z
Severity: Informational
Status: Open
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-004
User Account: n.clark
Source IP: 91.46.195.48
Destination IP: 10.2.213.145
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

20:02:44 Event ingested by SOC365 Engine
20:02:45 EmilyAI triage started — correlation enrichment
20:02:53 EmilyAI confidence: 79% — escalated to human analyst
20:03:12 Alert assigned to analyst: EmilyAI (auto)
20:04:54 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00216 | 1h ago | Failed MFA Challenge | Medium | Investigating | WS-PC-004 |
| ALR-00247 | 6h ago | Lateral Movement Detected | Low | Investigating | VM-DEV-01 |
| ALR-00075 | 8h ago | Shadow IT Discovery | Medium | Resolved | WS-PC-004 |
| ALR-00334 | 14h ago | Lateral Movement Detected | Medium | Investigating | WS-PC-006 |
| ALR-00317 | 19h ago | Lateral Movement Detected | Medium | Open | SRV-SQL-01 |